Tag: cryptanalysis

So last time I visited the Simon Singh’s Code Book was just as Charles Babbage was breaking Vigenére’s cipher by applying frequency analysis to the individually addressed letters in the key.

As Singh later describes, repetition is the enemy of security, and this holds true in pretty much all cases. It is the reason Babbage was able to break the Vigenére cipher and the reason, as we see later, that Allied cryptographers used to break the Enigma.

One way to make a perfect cipher is to prevent repetition, with for example a one-time pad of random keys. This is as Singh suggest, a “perfect cipher”, impregnable to any cryptanalysis. It is not easy to maintain though, and producing random one-time pads is very difficult.

So short cuts are taken, especially considering that around this time period (late 19th/early 20th century) the invention of the telegraph and radio means that more and more communication is being done out in the open, available for any to capture. As a result, cryptography becomes part of the mainstream as many members of the public try to encrypt their private correspondence to prevent prying eyes and ears from reading their messages.

All the meanwhile, government-run cryptanalysis centers beef up their staff and talent as politics gets heated. When war finally breaks out in Europe, cryptanalysis plays a large role in determining the outcome of the battles and the war as a whole.

During the war some really interesting insights are developed. Since this is the first time radio is used to communicate during wartime, analysts realize the power of traffic and signal analysis, both very interesting fields in of themselves. For example, analysts are able to determine the location of message senders through triangulation and are able to uniquely identify the message sender by analyzing how the message is being sent.

The real gem of cryptanalysis during the First World War comes from the British. British cryptanalysts at Room 40 had managed to completely decipher German communications at some point and were openly reading all of the messages being sent by German command. Singh doesn’t really go over the ciphers and how they were decrypted, but it appears that this had been done mostly through spycraft and intelligence gather rather than through cryptanalysis.

Nonetheless, the intelligence they gained was gold. At one point the German command had decided to renege on a deal that had kept the United States out of the war in order to ensure themselves a swift victory against the British. The British decrypted the message with the order to begin unrestricted U-Boat warfare as well as the invitation for Mexico to make war against the United States in order to keep America too busy to engage in Europe. With some slick spycraft, they were able to publicize the message without even letting the German’s suspect their cipher had been cracked, which in turn let them continue to read all communiqué unhindered.

Even after the war, the Germans didn’t know their cipher had been broken. Years after the war when it slowly became public knowledge that the British had been reading everything they had broadcasted, the Germans decided to take steps to protect themselves with a neat little machine developed by a German inventor named Arthur Scherbius, the Enigma Machine…

The next post will cover the Enigma Machine, the mechanism and the goliath task of cracking it.

So I decided to take a break from Simon Singh’s book which I mentioned in my last two posts to take a look at some practical applications of modern cryptography in Cristof Paar and Jan Pelzl’s Understanding Cryptography: A Textbook for Students and Practitioners. The book is surprisingly informative and so far easy to read, even though it deals with a set of mathematics and code that I haven’t worked with.

The book starts of general enough, with a condensed introduction to cryptography and cryptanalysis. The authors give a brief overview the state of modern cryptography and the avenues an interested party can take to crack the codes being utilized today. One that I had briefly heard of before and would be interested in researching more about later is a side channel attack, where an attacker uses the system’s physical properties to circumvent the encryption by gleaming a little about the process. This can include anything from tapping the actual processor to read the electrical currents flowing through, to analyzing the sounds a keyboard makes when a user types in their keyphrase. Interesting as this is, it isn’t what I wanted to post about today, modulus arithmetic is.

Modulus arithmetic is more commonly known as remainder arithmetic or “clock arithmetic.” In code, the modulus operator is signified by the “%” symbol and when applied to two numbers X and Y will simply give the remainder of the two when X is divided by Y.

As Paar and Pelzl explain, even in early caesar cipher’s, all cipher text is created out of a finite set of objects. Modulus math can be used to tell us where in the set of numbers a digit/character lays after being ciphered and deciphered. What’s more, modulus arithmetic has certain fascinating properties, such as equivalency sets.

Now equivalency sets took me a while to understand completely since the concept was a bit foreign to me. Take for example 12 % 9… for the most part the answer we see and use is 3. But according to modulus arithmetic, there is an equivalency set made up of all other numbers that would also have the same remainder, that is {…, -6, 3, 12, 21, … }. This equivalency allows us to do some math with the other numbers in the set which can be very useful as we get more involved in public key cryptography.

I’ve been reading Simon Singh’s Code Book which reads as part cryptography lesson and part historical thriller. The last time I updated we read about the cipher of Mary Queen of Scots and how it was broken through excellent spy craft and cryptanalysis. Even though most us mere mortals wouldn’t be able to break her cipher, to a trained analyst like those who served Queen Elizabeth and Walsingham her spy master, the cipher was easily broken.

Mary was at the time under house arrest in England, watched over by a stern guardian who monitored all of her communication. As Singh tells the story, Mary thought herself forgotten by the world until a young catholic named Gilbert Gifford offered his services as a courier between Mary and a young radical named Babington. It turns out that Gifford was in fact a double agent who was asked by Walsingham (Queen Elizabeth’s spymaster) to become the courier. Needless to say during the entire time he was ferreting letters back and forth between Babington and Mary, he was letting Walsingham copy the letters character by character, giving Walsingham and his cryptanalysts time to decipher them, all the while leaving Babington and Mary to believe they were communicating securely. These encrypted letters which later decrypted by Walsingham, condemn Mary Queen of Scots to death for her role in the Babington Plot against Queen Elizabeth.

Now what Singh fails to mention is of critical importance here. Singh fails to mention how Babington and Mary, who had never met and as we know never really had a secure channel of communications, were able to coordinate their initial cipher. The challenge nowadays in cryptography is that initial handshake, how did Mary and Babington manage to overcome this problem?

Around the same time another cipher was developed that Singh suggests would have saved Mary’s life had she used it, the Vigenère cipher. Vigenére was a mathematician and cryptographer who developed a new cipher that used more than one caesar cipher alphabet. According to Singh, no one really thought to use the cipher until decades later, but the polyalphabetic cipher were considerably more difficult to crack than the monoalphabetic cipher. The problem that monoalphabetic ciphers like Mary’s had was that they were susceptible to frequency analysis. Polyalphabetic ciphers were also susceptible as Charles Babbage later proves.

Babbage is more famously known for his ingenious designs that predicted the computer over a century before the first transistor was invented at Bell Labs. Babbage saw the Vigenére cipher as a challenge and used mathematics and statistics, much like before the earlier cryptanalysts did when using frequency analysis against monoalphabetic ciphers, but this time around the mathematics gets considerably more complicated.

As we can see from Babbage and the Vigenére cipher, math is becoming more and more important in cryptography. Babbage’s Victorian-era story, the story of the “father of computing” tackling a challenging puzzle of mathematics and linguistics only to break yet another cryptographic protocol foreshadows our contemporary story of hackers and cryptopunks constantly tweaking away at the systems that secure the internet and our data.

I’ve always been fascinated and terrified by encryption algorithms. They’re the backbone of our web based economy and provide companies and users with some level of privacy. Of course nothing is fool proof, not even the most advanced of our encryption algorithms. It seems day after day we hear about hacker collectives that exploit a flaw in a system and extracted hashed and encrypted data that everyone fears might be cracked. I say fears, because most no one understands how these encryption algorithms work and how they really protect our data. Where are they weak and how do they shine?

For my research studio on algorithms I’ve decided to concentrate on understanding and implementing some encryption and decryption algorithms as well as playing around with some advanced mathematics, just so I can get a better idea of what it is we need in applications and to protect ourselves in an increasingly open (to spy on) world.

It was surprising to learn that the origins of cryptanalysis can be traced to the Muslim world after the birth of Islam. Considering the other numerous breakthroughs in the areas of arts, science and mathematics pioneered by those early Muslims, this shouldn’t have been a surprise but it was.

Hoping to find many more pleasant little surprises in the history and the code before I’m done.